PHP Idp Sample :

- form for creating metadata
- sso support
- small README with installation instructions
Christophe Nowicki 2004-09-06 16:24:26 +00:00
parent aab4db8ebc
commit 7acad8e5e7
12 changed files with 614 additions and 40 deletions


@ -1 +1,27 @@
TODO ;0)
Lasso PHP Identity Provider Exemple
----------------------------------
SOFTWARE
This directory include a Liberty Alliance Identity Provider written in PHP
with the Lasso extension.
INSTALLATION
You need the fallowing components :
- The Apache Web Server with PHP4 version 4.3 with OpenSSL support enabled
- The Lasso Extension for PHP
- The PostgreSQL database server
- PHP Pear modules : DB, HTML_QuickForm
Under Debian GNU/Linux you can install thoses package with apt-get or aptitude:
apache, php4, php4-lasso, postgresql, pear.
You can download pear modules with the pear commande :
# pear install DB HTML_Common HTML_Form HTML_QuickForm
CONFIGURATION
For the Apache web server you need to add in the httpd.conf file:
RewriteEngine on
RewriteRule ^/(soapEndpoint|singleSignOn)(.*)$ /$1.php$2


@ -31,12 +31,16 @@
if (DB::isError($db))
die($db->getMessage());
if (!empty($_GET['dump']))
// Show XML dump
if (!empty($_GET['dump']) && !empty($_GET['type']))
{
$query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
$query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') .
$query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
$res =& $db->query($query);
if (DB::isError($res))
print $res->getMessage(). "\n";
die($res->getMessage());
$row = $res->fetchRow();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
@ -44,7 +48,7 @@
<html>
<body>
<table>
<caption>Identity Dump</caption>
<caption><?php echo ($_GET['type'] == 'user' ? 'Identity' : 'Session'); ?> Dump</caption>
<tr>
<td>
<textarea rows="15" cols="50"><?php echo htmlentities($row[0], ENT_QUOTES); ?></textarea>
@ -86,6 +90,7 @@
<html>
<head>
<title>Lasso Service Provider Example : Users Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
<script language="JavaScript" type="text/javascript">
<!--
@ -146,10 +151,12 @@
<?php
switch ($tableinfo[$i]['name'])
{
case "identity_dump":
echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>";
case "user_dump":
echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=user')>view</a>";
break;
case "session_dump":
echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=session')>view</a>";
break;
default:
echo (empty($row[$i])) ? "&nbsp;" : $row[$i];
}
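Review bot: The rewritten dump query still concatenates `$_GET['dump']` between bare quotes, so the request parameter becomes part of the SQL text; the change only adds the `type` switch and leaves that as it was. Quote it through the DB layer, as the login code on this page does for form values: `$query .= "_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The preceding `$query = "SELECT " . (...)` line ends in `.` rather than `;`, so the two statements are parsed as one expression; that looks like a typo and should be terminated properly. The page also shows no login check before it returns identity and session dumps, though the start of the file is outside this hunk.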


@ -0,0 +1,134 @@
<?php
/*
* Identity Provider Example -- Form for creating Service Provider Metadata
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
require_once 'HTML/QuickForm.php';
$form = new HTML_QuickForm('frm');
$form->setDefaults(array(
'providerID' => 'https://',
'AssertionConsumerService' => 'https://',
'SoapEndpoint' => 'https://',
'SingleLogoutService' => 'https://',
'RegisterNameIdentifierService' => 'https://',
'AuthnRequestsSigned' => 1,
'filename' => getcwd().'/metadata.xml'
));
$form->addElement('header', null, 'Create Liberty Alliance Metadata for an Service Provider');
$form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255));
$form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255));
$form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255));
$form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap'));
$form->addElement('text', 'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255));
$form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap'));
$form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255));
$form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', '');
$form->addElement('textarea', 'metadata', 'Metadata:', array('cols' => 60, 'rows' => 15));
$form->addElement('text', 'filename', 'Filename:', array('size' => 60, 'maxlength' => 255));
$button[] = &HTML_QuickForm::createElement('button', null, 'Preview', array('onclick' => "write_metadata_preview();"));
$button[] = &HTML_QuickForm::createElement('submit', null, 'Write Metadata');
$form->addGroup($button, null, null, '&nbsp;', false);
if ($form->validate()) {
$xml = "<?xml version=\"1.0\"?>
<EntityDescriptor providerID=\"". $form->exportValue('providerID') ."\" xmlns=\"urn:liberty:metadata:2003-08\">
<SPDescriptor>
<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">" . $form->exportValue('AssertionConsumerService') . "</AssertionConsumerServiceURL>\n
<SingleLogoutServiceURL>" . $form->exportValue('SingleLogoutService') . "</SingleLogoutServiceURL>
<SingleLogoutProtocolProfile>" . $form->exportValue('SingleLogoutProtocolProfile') . "</SingleLogoutProtocolProfile>\n
<RegisterNameIdentifierServiceURL>" . $form->exportValue('RegisterNameIdentifierService') . "</RegisterNameIdentifierServiceURL>
<RegisterNameIdentifierProtocolProfile>" . $form->exportValue('RegisterNameIdentifierProtocolProfile') . "</RegisterNameIdentifierProtocolProfile>\n
<SoapEndpoint>" . $form->exportValue('SoapEndpoint') . "</SoapEndpoint>\n
<AuthnRequestsSigned>" . (($form->exportValue('AuthnRequestsSigned')) ? 'true' : 'false') . "</AuthnRequestsSigned>
</SPDescriptor>
</EntityDescriptor>";
if (($fd = fopen($form->exportValue('filename'), "w")))
{
fwrite($fd, $xml);
fclose($fd);
}
else
die("Could not write metadata file :" . $form->exportValue('filename'));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<body onLoad="window.close()">
</body>
</html>
<?php
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<script language="JavaScript" type="text/javascript">
<!--
function write_metadata_preview(popurl)
{
frm = document.frm;
frm.metadata.value =
'<\?xml version=\"1.0\"\?>\n' +
'<EntityDescriptor\n' +
'providerID="' + frm.providerID.value + '\"\n' +
'xmlns=\"urn:liberty:metadata:2003-08\">\n' +
'<SPDescriptor>\n' +
'<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">' +
frm.AssertionConsumerService.value + '</AssertionConsumerServiceURL>\n' +
'<SingleLogoutServiceURL>' + frm.SingleLogoutService.value + '</SingleLogoutServiceURL>\n' +
'<SingleLogoutProtocolProfile>' + frm.SingleLogoutProtocolProfile.options[frm.SingleLogoutProtocolProfile.value].text + '</SingleLogoutProtocolProfile>\n' +
'<RegisterNameIdentifierServiceURL>' + frm.RegisterNameIdentifierService.value + '</RegisterNameIdentifierServiceURL>\n' +
'<RegisterNameIdentifierProtocolProfile>' + frm.RegisterNameIdentifierProtocolProfile.options[frm.RegisterNameIdentifierProtocolProfile.value].text + '</RegisterNameIdentifierProtocolProfile>\n' +
'<SoapEndpoint>' + frm.SoapEndpoint.value + '</SoapEndpoint>\n' +
'<AuthnRequestsSigned>' + ((frm.AuthnRequestsSigned.value) ? 'true' : 'false') + '</AuthnRequestsSigned>\n' +
'</SPDescriptor>\n' +
'</EntityDescriptor>';
}
//-->
</script>
</head>
<body>
<?php
$form->display();
?>
<br>
<p>Copyright &copy; 2004 Entr'ouvert</p>
</body>
</html>
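Review bot: The `filename` field is passed straight to `fopen(..., "w")`, so whoever can submit this form chooses which file the web server process overwrites, and nothing in the file checks for a logged-in session first. Write into a fixed, configured directory and keep only the base name, e.g. `$path = $metadata_dir . '/' . basename($form->exportValue('filename'));`, where `$metadata_dir` is a placeholder for a configured directory. The form values are also concatenated into the XML unescaped; wrapping each in `htmlspecialchars(..., ENT_QUOTES)` keeps a stray `<`, `&` or quote from changing the document structure. The same applies to the JavaScript preview, which builds the XML from raw field values.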


@ -0,0 +1,32 @@
<?php
/*
* Identity Provider Example -- Destroy Federation
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
session_start();
if (!isset($_SESSION['user_id']))
{
die("User is not logged in!\n");
}
?>


@ -0,0 +1,32 @@
<?php
/*
* Identity Provider Example -- Create Federation
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
session_start();
if (!isset($_SESSION['user_id']))
{
die("User is not logged in!\n");
}
?>


@ -52,13 +52,9 @@ You can get more informations about <b>Lasso</b> at <br>
require_once 'DB.php';
if (!empty($_GET['SID']))
session_start($_GET['SID']);
else
session_start();
session_start();
lasso_init();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
@ -82,12 +78,53 @@ You can get more informations about <b>Lasso</b> at <br>
<tr>
<td><b>Identity Provider Fonctionnality</b></td>
</tr>
<?php
if (!isset($_SESSION["user_id"])) {
?>
<tr>
<td><a href="login.php">Login</a></td>
<td><a href="login.php">Local Login</a></td>
</tr>
<?php } else { ?>
<tr>
<td><a href="federate.php">Create federation</a></td>
</tr>
<tr>
<td><a href="defederate.php">Destroy federation</a></td>
</tr>
<tr>
<td><a href="logout.php">Local Logout</a></td>
</tr>
<?php } ?>
</table>
</p>
<!-- <p>Lasso Version : <?php // echo lasso_version(); ?></p> -->
<p>
<table border="1" frame="above">
<caption><b>Status</b></caption>
<tr>
<?php
if (!isset($_SESSION["user_id"]))
{
echo "<td>User is <b>not</b> logged in!</td>";
}
else
{
?>
<td colspan='2' align="center">User <b>is</b> logged in!</td>
</tr>
<tr>
<td><b>UserID:</b></td><td><?php echo $_SESSION["user_id"]; ?></td>
</tr>
<tr>
<td><b>User Name:</b></td><td><?php echo $_SESSION["username"]; ?></td>
</tr>
<tr>
<td><b>PHP Session ID:</b></td><td><?php echo session_id(); ?></td>
</tr>
<?php
}
?>
</table>
<br>
<p>Copyright &copy; 2004 Entr'ouvert</p>
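Review bot: `$_SESSION["username"]` is echoed into the status table without escaping, and login.php stores it from the submitted form value, so any markup characters in a username reach the page as-is. Use `<?php echo htmlspecialchars($_SESSION["username"], ENT_QUOTES); ?>` (and the same for `user_id`). Printing `session_id()` in the page body also puts the session credential where it can be cached or copied from the screen; that row is better kept to debugging builds.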


@ -23,18 +23,53 @@
*/
$config = unserialize(file_get_contents('config.inc'));
require_once 'DB.php';
require_once 'HTML/QuickForm.php';
require_once 'DB.php';
$form = new HTML_QuickForm('frm');
$form->addElement('header', null, 'Login on the Lasso Identity Provider Example');
$form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
$form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
$form->addElement('submit', null, 'Ok');
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
if ($form->validate())
{
$config = unserialize(file_get_contents('config.inc'));
$db = &DB::connect($config['dsn']);
if (DB::isError($db))
die($db->getMessage());
$query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
$query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
$db->disconnect();
if ($res->numRows())
{
$row = $res->fetchRow();
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['username'] = $form->exportValue('username');
$url = 'index.php';
header("Request-URI: $url");
header("Content-Location: $url");
header("Location: $url");
exit;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
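Review bot: The login query matches `password=` against the submitted value, which implies the users table holds passwords in clear text; store a salted hash and compare it after fetching the row by username instead. After a successful match the script calls `session_start()` and sets `$_SESSION['user_id']` on whatever session id the browser presented; adding `session_regenerate_id();` right after `session_start()` keeps a pre-set id from being carried into the authenticated session. `$db->disconnect()` also runs before `$res->numRows()` and `fetchRow()`, which relies on the driver keeping the result usable after disconnect, so moving it after the fetch is safer.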


@ -0,0 +1,36 @@
<?php
/*
* Identity Provider Example -- Local Logout
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
session_start();
# Destroy The PHP Session
$_SESSION = array();
session_destroy();
$url = "index.php";
header("Request-URI: $url");
header("Content-Location: $url");
header("Location: $url");
?>


@ -363,6 +363,15 @@
<head>
<title>Setup script for Lasso (Liberty Alliance Single Sign On)</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
<script language="JavaScript" type="text/javascript">
<!--
function openpopup(popurl)
{
var winpops=window.open(popurl,"","width=600,height=400")
}
//-->
</script>
</head>
<body>
<form name='frm' action='<?php echo $PHP_SELF ?>' method='POST'>
@ -447,7 +456,8 @@
</tr>
<tr>
<td>Metadata</td><td><input type='text' name='metadata' size='50'></td><td>&nbsp;</td>
<td>Metadata</td><td><input type='text' name='metadata' size='50'></td>
<td><a href="javascript:openpopup('create_metadata.php')">Create Metadata</a></td>
</tr>
<tr>
@ -471,6 +481,8 @@
<input type='submit' name='setup' value='setup'>
</p>
</form>
<br>
<p>Copyright &copy; 2004 Entr'ouvert</p>
</body>
</html>
<?php


@ -1,7 +1,6 @@
<?php
/*
*
* Identity Provider Example -- Setup
* Identity Provider Example -- Single Sing On
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
@ -22,35 +21,191 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
if (empty($_POST) && empty($_GET))
{
die("Unknow login methode!");
}
$methode = empty($_POST) ? 'GET' : 'POST';
require_once 'HTML/QuickForm.php';
require_once 'DB.php';
$config = unserialize(file_get_contents('config.inc'));
lasso_init();
session_start();
$server_dump = file_get_contents($config['server_dump_filename']);
// Create the form
$form = new HTML_QuickForm('frm');
$form->addElement('header', null, 'Single Sing On Login');
$form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
$form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
$form->addElement('submit', null, 'Ok');
$server = LassoServer::newfromdump($server_dump);
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
$login = new LassoLogin($server);
if ($methode = 'GET')
// Login dump is not available, show the login form
if (!isset($_SESSION['login_dump']) && !$form->validate())
{
print $_SERVER['QUERY_STRING'];
$login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
print "ici";
}
else
{
// TODO
// Check for AuthnRequest
if (empty($_POST) && empty($_GET))
{
die("Unknow login methode!");
}
lasso_init();
$server_dump = file_get_contents($config['server_dump_filename']);
$server = LassoServer::newfromdump($server_dump);
$login = new LassoLogin($server);
if ($_SERVER['REQUEST_METHOD'] = 'GET')
$login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
else
{
// TODO
exit;
}
// User must NOT Authenticate with the IdP
if (!$login->mustAuthenticate())
{
// TODO
exit;
}
$login_dump = $login->dump();
$_SESSION['login_dump'] = $login->dump();
lasso_shutdown();
}
if (isset($_SESSION['login_dump']) && $form->validate())
{
$db = &DB::connect($config['dsn']);
//echo $methode;
//echo $_SERVER['QUERY_STRING'];
if (DB::isError($db))
die($db->getMessage());
$query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
$query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
if ($res->numRows())
{
// Get user_id from users
$row = $res->fetchRow();
$user_id = $row[0];
$server_dump = file_get_contents($config['server_dump_filename']);
lasso_init();
$server = LassoServer::newfromdump($server_dump);
$login = LassoLogin::newfromdump($server, $_SESSION['login_dump']);
$authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
{
$login->buildArtifactMsg(
TRUE, // User is authenticated
$authenticationMethod,
"2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter
lassoHttpMethodRedirect);
}
else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
{
// TODO
print "TODO : Post\n";
exit();
}
else
die("Unknown protocol profile for login:" . $login->protocolProfile);
if ($login->isIdentityDirty)
{
// TODO
// print "isIdentityDirty yes";
}
// Get name identifier
$query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
// Save name identifier
if (!$res->numRows())
{
$query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
$query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
$name_identifier = $login->nameIdentifier;
}
else
{
$row = $res->fetchRow();
$name_identifier = $row[0];
}
// Update identity dump
$identity = $login->identity;
$query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
// Update session dump
$session = $login->session;
$query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
// Save assertion
$query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact;
$query .= "', '" . $login->responseDump . "')";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
{
$artifact = $login->assertionArtifact;
$response_msg = $login->responseDump;
$url = $login->msgUrl;
header("Request-URI: $url");
header("Content-Location: $url");
header("Location: $url");
}
else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
{
}
lasso_shutdown();
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<body>
<?php
$form->display();
?>
</body>
</html>
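Review bot: `if ($_SERVER['REQUEST_METHOD'] = 'GET')` assigns rather than compares, so the branch is always taken and a POST request is fed to `initFromAuthnRequestMsg()` with the query string; it should read `if ($_SERVER['REQUEST_METHOD'] == 'GET')`. The two INSERT statements build SQL from `$login->nameIdentifier`, `$login->assertionArtifact` and `$login->responseDump` between bare quotes while the neighbouring UPDATEs use `$db->quoteSmart()`; the response dump is XML and can contain `'`, so these should be quoted the same way, e.g. `"VALUES (" . $db->quoteSmart($login->nameIdentifier) . ", " . $db->quoteSmart($user_id) . ")"`. The hard-coded `"2005-05-03T16:12:00Z"` passed to `buildArtifactMsg()` is already marked FIXME and should be derived from the current time before this runs as more than a demo. `$_SERVER["HTTPS"]` is read without an `isset()` check, so on a plain-HTTP request the comparison works on an undefined index.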


@ -22,4 +22,70 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
require_once 'DB.php';
header("Content-Type: text/xml\r\n");
if (empty($HTTP_RAW_POST_DATA))
die("HTTP_RAW_POST_DATA is empty!");
$config = unserialize(file_get_contents('config.inc'));
$server_dump = file_get_contents($config['server_dump_filename']);
lasso_init();
$requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA);
$server = LassoServer::newfromdump($server_dump);
$db = &DB::connect($config['dsn']);
if (DB::isError($db))
die($db->getMessage());
switch ($requestype)
{
// Login
case lassoRequestTypeLogin:
$login = new LassoLogin($server);
$login->processRequestMsg($HTTP_RAW_POST_DATA);
$artifact = $login->assertionArtifact;
$query = "SELECT response_dump FROM assertions WHERE assertion='";
$query .= $artifact ."'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
// Good Artifact, send reponse_dump
if ($res->numRows())
{
$row = $res->fetchRow();
$query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
header("Content-Length: " . strlen($row[0]) . "\r\n");
echo $row[0];
}
else
{
// Wrong Artifact
header("HTTP/1.0 403 Forbidden");
header("Content-Length: 0\r\n");
exit;
}
break;
case lassoRequestTypeLogout:
break;
case lassoRequestTypeDefederation:
break;
default:
die("Unkown request type!");
}
lasso_shutdown();
?>
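Review bot: `$artifact` is taken from the incoming SOAP message and spliced into both the SELECT and the DELETE between bare quotes; use `$db->quoteSmart($artifact)` in both, e.g. `"SELECT response_dump FROM assertions WHERE assertion=" . $db->quoteSmart($artifact)`. The result of `$login->processRequestMsg()` is not checked, so a request that fails to parse appears to proceed to the lookup anyway. The SELECT-then-DELETE pair is not atomic, so two concurrent requests carrying the same artifact could both receive the response; running them in one transaction, or deleting first and checking the affected-row count, keeps the artifact single-use.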


@ -73,5 +73,7 @@
<?php
$form->display();
?>
<br>
<p>Copyright &copy; 2004 Entr'ouvert</p>
</body>
</html>